Scope

Digital Threats: Research and Practice (DTRAP) is a peer-reviewed Gold Open Access journal that targets the prevention, identification, mitigation, and elimination of digital threats. It is published on a quarterly basis. DTRAP aims to bridge the gap between academic research and industry practice. Accordingly, the journal welcomes manuscripts that address extant digital threats, rather than laboratory models of potential threats, and presents reproducible results pertaining to real-world threats.

DTRAP invites researchers and practitioners to submit manuscripts that present scientific observations about the identification, prevention, mitigation, and elimination of digital threats in all areas, including computer hardware, software, networks, robots, industrial automation, firmware, digital devices, etc. For articles involving analysis, the journal requires the use of relevant data and the demonstration of the importance of the results. For articles involving the results of structured observation such as experimentation and case studies, the journal requires explicit inclusion of rigorous practices; for example, experiments should clearly describe why internal validity, external validity, containment, and transparency hold for the experiment described.

Topics relevant to the journal include (but are not limited to):

    Network security
    Web-based threats
    Point-of-sale threats
    Closed-network threats
    Malicious software analysis
    Exploit analysis
    Vulnerability analysis
    Adversary tactics
    Threat landscape studies
    Criminal ecosystem studies
    Systems analysis
    Critical Infrastructure Threats
    Victim response patterns
    Adversary attack patterns
    Studies of security operations processes/practices/TTPs
    Assessment and measurement of security architectures/organization security posture
    Threat information management and sharing
    Security services or threat intelligence ecosystem studies
    Impact of new technologies/protocols on the threat landscape

Special Issue on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks
Submission Date: 2024-11-30

Guest Editors:
• Michele Ianni, University of Calabria, Italy, michele.ianni@unical.it
• Sebastian Schrittwieser, University of Vienna, Austria, sebastian.schrittwieser@univie.ac.at

MATE (Man-At-The-End) is an attacker model where an adversary has access to the target software or hardware
environment of his victim and the ability to observe and modify it in order to extract secrets such as cryptographic
keys or sensitive information, possibly with the subsequent goal of altering code integrity or inserting backdoors,
among others. A typical example of such a scenario is the case of an attack on a stolen smartphone or against
software leveraging protection to hide sensitive data or intellectual property.

The main focus of the special issue on Offensive and Defensive Techniques in the Context of Man At The End (MATE)
Attacks is on new models and techniques to defend software from tampering, reverse engineering, and piracy as
well as to the development of new attack strategies that highlight the need of more complete defenses. We include
both offensive and defensive techniques because of their close and intertwined relationship depending on the
attack scenario: indeed, reverse engineering is defensive when the goal is to analyze obfuscated malware, but it is
offensive when it is used to steal intellectual property and assets in legitimate software. Likewise, obfuscation is
defensive when it aims for protecting a legitimate asset against reverse engineering, while it is offensive if it is used
to hide that malware is embedded in an application. Both scenarios are of practical relevance, and therefore the
special issue on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks includes all
attacks on/defenses of the confidentiality and integrity of software applications and assets embedded therein and
exposed to MATE attacks. In such scenarios, attackers have full control over, and white-box access to, the software
and the systems on which they attack the software in their labs.

Strongly encouraged are proposals of new, speculative ideas, metrics, tools, and procedures for evaluating tamper-
proofing, watermarking, obfuscation, birthmarking, and software protection algorithms in general. Assessment of
new or known techniques in practical settings and discussions of emerging threats, and problems are expected.
Likewise, reverse engineering of low-level constructs such as machine code or gate-level circuit definitions through
static and dynamic analysis is geared to recover information to determine the intent of programs and understand
their inner workings as well as for classifying them with respect to similar known code (which is typically malicious).
The special issue on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks welcomes
original work on the formal investigation of software protection, where formal methods are used to better
understand the nature, relations, potentialities, and limits of software security techniques.

The special issue will receive extended versions of selected papers that were originally presented at the CheckMATE
workshop, co-located with the ACM Conference on Computer and Communications Security (CCS) 2024.
CheckMATE authors must submit the conference version of the manuscript alongside its corresponding extended
version for consideration. This two-tiered submission process is crucial in ensuring the appropriate evaluation and
comparison of the work's advancements. Authors submitting extended versions of their work to this Special Issue
must ensure that their submissions consist of a minimum of 40% new material and exhibit a similarity rate below
25%. Any violation may lead to a desk-rejection. The special issue also welcomes submissions that are not directly
related to the workshop, as long as they fall within the topics of interest.

Topics can include but are not limited to:

Software attacks and defenses techniques:
● Code Obfuscation and De-obfuscation
● Anti-Debugging and Anti-Simulation
● Software Diversity, Renewability, and Moving Target Defenses
● Data Obfuscation and White-box Cryptography
● Software Tampering and Anti-tampering ,Online Software Protections
● Software Similarity, Plagiarism detection, Authorship Attribution, Legal aspects
● Software Licensing, Watermarking, Fingerprinting, Anti-cloning
● Software Steganography, Information Hiding and Discovery
● Open-Source tools for software protection
● Malware Analysis
● Static and Dynamic Program Analysis, Symbolic Execution
● Man-at-the-end (MATE) Attack Technologies
● Security of AI and Machine Learning in the context of MATE
● Smart Software Attack and Defenses
● Hardware-based Software Protection
● Formal methods for modeling security attacks and defenses

Software Security Evaluation, Decision Support and Industrial Aspects:
● Evaluation Methodologies
● Threat modeling
● Decision Support Systems and Security Optimization
● Protection Tool Chains and Integrated Development Environments
● Protected Software Architectures and Build Process Integration
● Security Validation and Best Practices from Industry
● Software Protection on Heterogeneous Platforms (sensors, smartphones, cloud)
● Software Protection Benchmarks

Important Dates

• Submissions deadline: November 30, 2024
• First-round review decisions: March 15, 2025
• Deadline for revision submissions: April 30, 2025
• Notification of final decisions: June 30, 2025
• Tentative publication: September 30, 2025

Submission Information

Submitted papers must not substantially overlap with previously published or currently under review papers for
journals or conferences. All manuscripts considered for publication must be prepared using the ACM large format
template and submitted as a PDF via the Manuscript Central submission site at
https://mc.manuscriptcentral.com/dtrap. Authors are required to adhere to the guidelines available at
https://dl.acm.org/journal/dtrap/author-guidelines. Failure to meet these requirements may result in a desk
rejection.

For questions and further information, please contact Michele Ianni (michele.ianni@unical.it) or Sebastian
Schrittwieser(sebastian.schrittwieser@univie.ac.at).